Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: nmap: nsock_core.c:294: handle_connect_result: Assertion `0' failed.
From: David Fifield <david () bamsoftware com>
Date: Thu, 30 Apr 2009 17:06:37 -0600

On Thu, Apr 30, 2009 at 09:19:07AM +0200, Fabio wrote:
On Wed, Apr 29, 2009 at 03:29:20PM +0200, Fabio wrote:
When trying to scan some hosts to search for the Conficker virus I get
the following assertion. This is nmap 4.85BETA8 compiled from source on
a SPARC machine under Linux, gcc 4.0.3.

$ ./nmap -p139,445 --script p2p-conficker,smb-os-discovery,smb-check-vulns --script-args checkconficker=1,safe=1 

Starting Nmap 4.85BETA8 ( http://nmap.org ) at 2009-04-29 15:44 CEST
Strange connect error from (42): Operation now in progress
nmap: nsock_core.c:294: handle_connect_result: Assertion `0' failed.

This is a strange error. Errno 42 is ENOMSG, "No message of desired
type". But perror is printing out the message for EINPROGRESS,
"Operation now in progress". I suppose it is possible for errno and the
error code returned by getsockopt to be different in this part of the

Does this assertion failure happen every time? If so, it would help if
you could send a packet capture created with tcpdump or a similar tool.

The assertion is 100% reproducible with that host. A packet capture
(with tcpdump -vvv) is attached.

Thanks. The packet trace is pretty strange. Here you send the TCP ping
probes, so far so good.

09:29:05.777093 IP (tos 0x0, ttl  56, id 3417, offset 0, flags [none], proto: TCP (6), length: 44) > S, cksum 0x5feb (correct), 1691702033:1691702033(0) win 1024 <mss 1460>
09:29:05.777462 IP (tos 0x0, ttl  52, id 4850, offset 0, flags [none], proto: TCP (6), length: 44) > S, cksum 0x5eb9 (correct), 1691702033:1691702033(0) win 1024 <mss 1460>

The remote host says that it doesn't understand TCP?

09:29:05.777795 IP (tos 0x0, ttl 128, id 25678, offset 0, flags [none], proto: ICMP (1), length: 56) > ICMP protocol 6 unreachable, length 36

Then the scanning machine sends back another TCP packet, this time with
no header.

        IP (tos 0x0, ttl  56, id 3417, offset 0, flags [none], proto: TCP (6), length: 44) >  tcp 24 [bad hdr length 0 - too short, < 20]

What is the operating system of Is there anything special
about the scanning SPARC machine? Has anyone seen traffic like that and
can provide an explanation?

I guess the ENOMSG is caused by the "protocol 6 unreachable" replies.
Can you try the attached patch and see if it fixes the problem?

David Fifield

Attachment: nsock-enomsg.diff

Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]